Achieving Continuous Monitoring with Security Automation
DESCRIPTION
This presentation:
• Provides an overview of continuous monitoring
• Discusses federal requirements for continuous monitoring
• Explains why it is critical for risk mitigation
• Describes an effective continuous monitoring strategy that brings together data from different security controls in one place
Watch the webcast here: http://www.tripwire.com/register/achieving-continuous-monitoring-easily-with-security-automation/
TRANSCRIPT
Steve Johnston, Federal, DOD and Civilian Agencies
Erich Dobroth, Federal Lead Systems Engineer
IT SECURITY & COMPLIANCE AUTOMATION
Continuous Monitoring is about…
Risk Management
Decision Making
• Empowering: Leadership to make educated decisions
• Strengthen: The Control Environment
• Reducing: Resources spent on annual IT Audits
• Actionable Alerts to focus resources and respond
Continuous Monitoring & Risk Management Framework
[Figure: NIST Risk Management Framework (SP800-37) cycle: Start, Categorize Information System, Select Security Controls, Implement Security Controls, Assess Security Controls, Authorize Information System, Monitor Security State; additional label: SP800-137]
• Aligned with RMF (800-37) and CM requirements (800-137)
• Cyberscope Management Reporting
• DoD adopting RMF for Continuous Monitoring
Challenges with Implementing Continuous Monitoring
• Identifying Tools: When so many products claim to do continuous monitoring, how do we know which to choose?
• Defining CM Processes: Creating yet another process can be daunting and time consuming, and flows against the culture
• Configuration Visibility: Knowing what to monitor and the frequency can be very challenging
• Applying CM: With so many controls to monitor, it's challenging to apply CM to all controls
• Situational Awareness: Sharing knowledge of threats and attacks across different networks
Breach - Compromise-to-Containment
Source: 2012 Data Breach Investigations Report, Verizon RISK Team in cooperation with the United States Secret Service
Server Configuration Controls is still the “Holy Grail”
Source: 2012 Data Breach Investigations Report, Verizon RISK Team in cooperation with the United States Secret Service
Continuous Monitoring is more than just watching data…
…it's System State Intelligence
Challenge of Achieving & Maintaining Secure Configurations
[Chart: Compliance plotted over Time against the Trusted State; labels: "RISK change never stops", "Change is occurring"]
• Compliance and Security is often driven by audits
Make the Climb Once - Continuous Monitoring/Compliance
TRIPWIRE CONFIGURATION ASSESSMENT AND CONTROL
[Chart: Compliance plotted over Time against the Trusted State; labels: "Continuous Compliance", "Assess & Achieve desired state", "Maintain that state"]
Tripwire Security Solutions
Get Fast Tracked to Continuous Monitoring
Continuous Monitoring with Tripwire
1. Categorize your assets (High, Mod, Low, location, mission, and/or criticality of system)
2. Set up Configuration Control monitoring (SANS Top 20, 800-53, STIGs, CIS Benchmarks or defined controls)
3. Determine Risk Threshold and Frequency of Monitoring (real-time, daily, weekly, periodic)
4. Define Reporting and Critical Alert Response Procedures (Unauthorized Change, Event of Interest, Compliance)
More about Continuous Monitoring with Tripwire Solutions
• Achieving FISMA Compliance: Continuous Monitoring Using Configuration Control and Log Management: http://bit.ly/fismacompliance
• Automation: The Game Changer for Continuous Monitoring: http://bit.ly/cmautomation
• Continuous Monitoring: Responding to New Threats in More Complex IT Environments: http://bit.ly/newthreats
www.tripwire.com
Tripwire Americas: 1.800.TRIPWIRE
Tripwire EMEA: +44 (0) 20 7382 5440
Tripwire Japan: +812.53206.8610
Tripwire Singapore: +65 6733 5051
Tripwire Australia-New Zealand: +61 (0) 402 138 980
THANK YOU!
Erich [email protected]
503.276.7617
Steve [email protected]
817.313.7622